Challenges

In the last couple of years, energy providers have been expanding their infrastructure, whether by replacing previously used meters with Smart Meters or integrating newer models equipped with integrated remote metering systems. The EU 2009/72/WE Directive enforces a requirement for at least 80 percent of energy receivers to be supplied with smart meters by 2026, creating several new responsibilities for energy distributors, namely subjects such as meter and router management, ensuring sufficient communication standards, storage of passwords and DLMS authentication keys as well as software updates.

As we know, a successfully finalised process of implementation of smart energy monitors can be hard to achieve, which is why we would like to highlight the importance of implementing sufficient security measures to protect AMI systems from cyber attacks.

HOW WE CAN HELP YOU

Smart meter security analysis

Smart meters are built-in devices equipped with displayed communication interfaces and just like other electronic devices, they can be vulnerable to local and remote attacks. Conducting audits of the equipment before finalising the purchase is the most efficient way to make sure we choose the most secure devices available. Additionally, while the auditing processes are ongoing, we can ensure all the necessary changes to firmware have been implemented and are sufficiently secure.

Security audits of routers, PLC modules, and concentrators

A security assessment and configuration hardening are the best way to prevent remote attacks and potential data leaks.

Security audits of network devices

Smart meters, although crucial for the functioning of AMI systems, are not the only important element. Each AMI system consists first and foremost of vast infrastructure in which each element’s security needs to be ensured.

Correct firewall rule and network configuration

Using proprietary tools we will analyse Your AMI network traffic and restrict the firewall rules to the minimum required for operational efficiency of the network, leaving no security gaps which could potentially be exploited.

Head End System hardening

Head-End Systems consist of a large number of independent components, which we will update along with conducting hardening processes focused on HES security.

Implementation of Public Key Infrastructure (PKI)

To ensure operational continuity, the communication channels between network devices and HES must maintain their confidentiality and integrity. A correctly implemented PKI system can provide secure, encrypted means of communication as well as ways to authenticate terminal equipment on HES.

General controls audit

After finalising the implementation process, we will conduct a comprehensive audit of system security using Red Team tactics (an analysis of system security from an attacker’s perspective).

WHEN TO CONSIDER SECURITY?

image
Purchasing an AMI system is a huge investment, often costing millions of PLN. To avoid any purchases of smart meters, concentrators, or hardware you might regret, we recommend conducting a few security and safety tests of the devices you might be interested in buying before you finalise the purchasing processes.
image
If the purchasing process has already been finalised but the AMI implementation process has not yet been completed, it is your last chance to conduct a safety audit of the equipment without it negatively affecting the system. The remaining time before you start up the system can be used to carry out an audit of the equipment and improve the security of the meters’ and concentrators’ software, including hardening processes of the infrastructure.
image
If the AMI system is already operating during production, but you have doubts about the status of its security, you can conduct a security analysis of the measuring infrastructure equipment. If the infrastructure supplier is unable to provide security patches for the equipment’s software, we can recommend other corrective measures and carry out hardening processes of the infrastructure to reduce the number of potential attack vectors.

Potrzebujesz więcej informacji? Skontaktuj się z nami